Описание
An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators.
Ссылки
- Release NotesVendor Advisory
- Release NotesThird Party Advisory
- Issue TrackingThird Party Advisory
- Release NotesVendor Advisory
- Release NotesThird Party Advisory
- Issue TrackingThird Party Advisory
Уязвимые конфигурации
EPSS
5.3 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators.
An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) throu ...
An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators.
EPSS
5.3 Medium
CVSS3
4.3 Medium
CVSS2